Summary

The digitalization of electrical substations brings advanced monitoring and control capabilities but also amplifies the risk and impact of cyber attacks targeting Operational Technology (OT) systems. This paper emphasizes the need for a comprehensive cyber security assessment in substations, rooted in principles of context-specific protection, defense-in-depth, and pragmatic expectations around attainable security. The outdated notion that OT networks are naturally insulated from cyber threats is refuted, given the expanded attack surface arising from remote access, increased connectivity, and operational flexibility requirements. A particular focus is placed on vulnerabilities in IEC 61850-based substation communication protocols, which lack robust authentication and encryption, making them susceptible to attacks like spoofing, replay, and man-in-the-middle. To address these threats, the study evaluates both standardized mitigations, such as those outlined in IEC 62351 and IEC 61588, and emerging, nonstandardized approaches such as IEEE 802.1AE for digital substations, analyzing their impact on communication network security, reliability, and complexity. The implications of transitioning to quantum-resistant cryptographic algorithms are also explored. Unlike prior work, this study delivers a practical, protocol-specific evaluation and proposes a blueprint for a highly secure, reliable, available, and crypto-agile digital substation communication network.

Key results indicate that, for IEC 61850 Generic Object-Oriented Substation Event (GOOSE) and Sampled Values (SV) protocols, Medium Access Control (MAC) address-based access control lists and Virtual Local Area Network (VLAN)-based micro segmentation offer security benefits comparable to approaches based on cryptographic protocols, but with fewer infrastructure demands and better availability. Parallel Redundancy Protocol (PRP)-based networks outperform High-availability Seamless Redundancy (HSR)-based ones in both reliability and security. Transport Layer Security (TLS) is shown to be essential for securing IEC 61850 Manufacturing Message Specification (MMS) communications by authenticating clients and server. Moreover, the deployment of Authentication, Authorization, and Accountability (AAA) proxy servers to mediate communications between field and management endpoints enhances security and agility, without the need to give field devices access to a Public Key Infrastructure (PKI). Finally, current IEC 61588 recommendations for securing the Precision Time Protocol (PTP) are found insufficient against cyber attacks, highlighting the need for further advancements. In the proposed blueprint architecture, the clear separation between station and process bus, along with the independence of field devices from a PKI and Key Distribution Centers (KDCs), enables the process bus to operate autonomously and continuously, even if the station bus or the wider Information Technology (IT) infrastructure becomes unavailable due to system updates, failures, or cyber attacks.

Additional information

Publication type Session Materials
Reference D2_10309_2026
Publication year
Publisher CIGRE
Country Netherlands, The
Study committees
File size 590 KB
Price for non member 30 €
Price for member 30 €

Authors

CIBIN Nicola - Delft University of Technology; GODEFROOI Joey - Stedin; VAN HOFWEGEN Dirk - TenneT; CARSTENS Herman - Elia Group; DE HOOGH Corné - Siemens; NIEUWSTAD Jan - Technolution; PETERS Olaf - Technolution; ŞTEFANOV Alex - Delft University of Technology

Keywords

Digital substations, IEC 61850, communication protocols, cyber security, cyber attacks, mitigations, cryptography

Cyber Security of Digital Substations: Cyber Threats Identification and Mitigation Evaluation